Accept CryptoCurrency Payments on WooCommerce – CryptoCurrency Gateway Plugin from TheBigCoin Security & Risk Analysis

wordpress.org/plugins/accept-bitcoin-payments-on-woocommerce-thebigcoin

Accept CryptoCurrency payments on your WooCommerce store with TheBigCoin payments plugin.

10 active installs v1.0.2 PHP 5.3+ WP 4.0+ Updated Jun 5, 2018
bitcoin-payment-pluginbitcoin-paymentsbitcoin-payments-for-woocommercewoocommerce-bitcoinwoocommerce-ethereum
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Accept CryptoCurrency Payments on WooCommerce – CryptoCurrency Gateway Plugin from TheBigCoin Safe to Use in 2026?

Generally Safe

Score 85/100

Accept CryptoCurrency Payments on WooCommerce – CryptoCurrency Gateway Plugin from TheBigCoin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The security posture of the "accept-bitcoin-payments-on-woocommerce-thebigcoin" plugin v1.0.2 appears to be relatively strong based on the provided static analysis. The absence of any recorded vulnerabilities (CVEs) and the lack of identified critical or high severity taint flows are positive indicators. Furthermore, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries, indicating an effort to prevent SQL injection vulnerabilities. The absence of file operations and external HTTP requests also reduces the potential attack vectors.

However, there are notable areas for concern. The most significant is the complete lack of capability checks and nonce checks across all identified entry points. While the static analysis reports zero entry points, this finding is contradictory to the reporting of "10 total outputs" with only "20% properly escaped." This suggests potential outputs that are not adequately protected. The complete absence of nonce checks, even if the attack surface is reported as zero, is a weakness. If any user-facing interaction or data processing occurs, the lack of these fundamental security measures creates a risk of Cross-Site Request Forgery (CSRF) or other manipulation attacks. The 80% of outputs that are not properly escaped present a significant Cross-Site Scripting (XSS) risk, especially if user-supplied data is involved in these outputs. The vulnerability history being completely clean is a strength, but the lack of security checks in the code analysis raises questions about how thoroughly the code has been audited or if the static analysis missed potential issues due to the lack of identified entry points.

In conclusion, while the plugin has a clean vulnerability history and uses prepared statements for SQL, the absence of crucial security checks like capability and nonce checks, coupled with a high percentage of unescaped output, presents a substantial risk of XSS and potential CSRF vulnerabilities. The reported zero attack surface despite identified outputs is also a point of concern, suggesting a potential gap in the analysis or the plugin's design.

Key Concerns

  • Missing nonce checks
  • Missing capability checks
  • Unescaped output (80% of 10)
Vulnerabilities
None known

Accept CryptoCurrency Payments on WooCommerce – CryptoCurrency Gateway Plugin from TheBigCoin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Accept CryptoCurrency Payments on WooCommerce – CryptoCurrency Gateway Plugin from TheBigCoin Release Timeline

v1.0.2Current
v1.0.1
Code Analysis
Analyzed Apr 16, 2026

Accept CryptoCurrency Payments on WooCommerce – CryptoCurrency Gateway Plugin from TheBigCoin Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
8
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

20% escaped10 total outputs
Attack Surface

Accept CryptoCurrency Payments on WooCommerce – CryptoCurrency Gateway Plugin from TheBigCoin Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actionplugins_loadedthebigcoin.php:19
actionwoocommerce_api_wc_gateway_thebigcointhebigcoin.php:56
filterwoocommerce_payment_gatewaysthebigcoin.php:551
Maintenance & Trust

Accept CryptoCurrency Payments on WooCommerce – CryptoCurrency Gateway Plugin from TheBigCoin Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedJun 5, 2018
PHP min version5.3
Downloads8K

Community Trust

Rating80/100
Number of ratings4
Active installs10
Developer Profile

Accept CryptoCurrency Payments on WooCommerce – CryptoCurrency Gateway Plugin from TheBigCoin Developer Profile

TheBigCoin

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Accept CryptoCurrency Payments on WooCommerce – CryptoCurrency Gateway Plugin from TheBigCoin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/accept-bitcoin-payments-on-woocommerce-thebigcoin/assets/images/thebigcoin-button.png
Version Parameters
accept-bitcoin-payments-on-woocommerce-thebigcoin/thebigcoin.php?ver=accept-bitcoin-payments-on-woocommerce-thebigcoin/includes/thebigcoinclient/init.php?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- TheBigCoin API Status --><!-- TheBigCoin API Status -->
Data Attributes
data-thebigcoin-project-iddata-thebigcoin-api-keydata-thebigcoin-api-secretdata-thebigcoin-test-modedata-thebigcoin-env
JS Globals
TheBigCoinClient
FAQ

Frequently Asked Questions about Accept CryptoCurrency Payments on WooCommerce – CryptoCurrency Gateway Plugin from TheBigCoin